Cognitive Radio from Hell: Flipping Attack on Direct-Sequence Spread Spectrum
In this paper, we introduce a strong adversarial attack, referred to as the
flipping attack, on Direct-Sequence Spread Spectrum (DSSS) systems. In this
attack, the attacker, which is appropriately positioned between the transmitter
and the receiver, instantaneously flips the transmitted symbols in the air at a
50% rate, thereby driving the channel capacity to zero. Unlike the traditional
jamming attack, this attack, when perfectly executed, cannot be detected at the
receiver using signal-to-noise-ratio measurements. However, this attack
requires the attacker to know perfectly the realizations of all the
channels in the model. We first introduce the consequences of the flipping
attack on narrowband frequency-flat channels, and subsequently discuss its
feasibility in wideband frequency-selective channels. From the legitimate
users' perspective, we present a method to detect this attack and also propose
heuristics to improve the error-performance under the attack. We emphasize that
future cyber-physical systems that employ DSSS should design transceivers to
detect the proposed flipping attack, and then apply appropriate
countermeasures.
Enabling Work-conserving Bandwidth Guarantees for Multi-tenant Datacenters via Dynamic Tenant-Queue Binding
Today's cloud networks are shared among many tenants. Bandwidth guarantees
and work conservation are two key properties to ensure predictable performance
for tenant applications and high network utilization for providers. Despite
significant efforts, very little prior work achieves both properties
simultaneously, even though some of it claims to.
In this paper, we present QShare, an in-network based solution to achieve
bandwidth guarantees and work conservation simultaneously. QShare leverages
weighted fair queuing on commodity switches to slice network bandwidth for
tenants, and solves the challenge of queue scarcity through balanced tenant
placement and dynamic tenant-queue binding. QShare is readily implementable
with existing switching chips. We have implemented a QShare prototype and
evaluated it via both testbed experiments and simulations. Our results show
that QShare ensures bandwidth guarantees while driving network utilization to
over 91% even under unpredictable traffic demands.
Comment: The initial work is published in IEEE INFOCOM 201
Caching-based Multicast Message Authentication in Time-critical Industrial Control Systems
Attacks against industrial control systems (ICSs) often exploit the
insufficiency of authentication mechanisms. Verifying whether the received
messages are intact and issued by legitimate sources can prevent malicious
data/command injection by illegitimate or compromised devices. However, the key
challenge is to introduce message authentication for various ICS communication
models, including multicast or broadcast, with a messaging rate that can be as
high as thousands of messages per second, within very stringent latency
constraints. For example, certain commands for protection in smart grids must
be delivered within 2 milliseconds, ruling out public-key cryptography. This
paper proposes two lightweight message authentication schemes, named CMA and
its multicast variant CMMA, that perform precomputation and caching to
authenticate future messages. With minimal precomputation and communication
overhead, C(M)MA eliminates all cryptographic operations for the source after
the message is given, and all expensive cryptographic operations for the
destinations after the message is received. C(M)MA considers the urgency
profile (or likelihood) of a set of future messages for even faster
verification of the most time-critical (or likely) messages. We demonstrate the
feasibility of C(M)MA in an ICS setting based on a substation automation system
in smart grids.
Comment: For viewing INFOCOM proceedings in IEEE Xplore see
https://ieeexplore.ieee.org/abstract/document/979676
A Clean Slate Design for Secure Wireless Ad-Hoc Networks - Part 1: Closed Synchronized Networks
We propose a clean-slate, holistic approach to the design of secure protocols for wireless ad-hoc networks. We design a protocol that enables a collection of distributed nodes to emerge from a primordial birth and form a functioning network. We consider the case when nodes are synchronized and the network is closed, in that no other nodes can join. We define a game between protocols and adversarial nodes, and describe a protocol that is guaranteed to achieve the max-min payoff regardless of what the adversarial nodes do. Moreover, even though the adversarial nodes always know the protocol a priori, we show an even stronger result: the protocol is guaranteed to achieve the min-max payoff. Hence there is a saddle point in the game between protocols and adversarial strategies. Finally, we show that the adversarial nodes are, in effect, strategically confined to either jamming or conforming to the protocol. These guarantees are contingent on a set of underlying model assumptions, and cease to be valid if the assumptions are violated.
A System-Theoretic Clean Slate Approach to Provably Secure Ad Hoc Wireless Networking
Traditionally, wireless network protocols have been designed for performance. Subsequently, as attacks have been identified, patches have been developed. This has resulted in an "arms race" development process of discovering vulnerabilities and then patching them. The fundamental difficulty with this approach is that other vulnerabilities may still exist. No provable security or performance guarantees can ever be provided. We develop a system-theoretic approach to security that provides a complete protocol suite with provable guarantees, as well as proof of min-max optimality with respect to any given utility function of source-destination rates. Our approach is based on a model capturing the essential features of an ad hoc wireless network that has been infiltrated with hostile nodes. We consider any collection of nodes, some good and some bad, possessing specified capabilities vis-a-vis cryptography, wireless communication and clocks. The good nodes do not know the bad nodes. The bad nodes can collaborate perfectly, and are capable of any disruptive acts ranging from simply jamming to non-cooperation with the protocols in any manner they please. The protocol suite caters to the complete life-cycle, all the way from birth of nodes, through all phases of ad hoc network formation, leading to an optimized network carrying data reliably. It provably achieves the min-max of the utility function, where the max is over all protocol suites published and followed by the good nodes, while the min is over all Byzantine behaviors of the bad nodes. Under the protocol suite, the bad nodes do not benefit from any actions other than jamming or cooperating. This approach supersedes much previous work that deals with several types of attacks including wormhole, rushing, partial deafness, routing loops, routing black holes, routing gray holes, and network partition attacks.
Association of TNF-α gene with spontaneous deep intracerebral hemorrhage in the Taiwan population: a case control study
Background: Genetic factors may play a role in susceptibility to spontaneous deep intracerebral hemorrhage (SDICH). Previous studies have shown that TNF-α gene variation was associated with risks of subarachnoid hemorrhage in multiple ethnicities. The present case-control study tested the hypothesis that genetic variations of the TNF-α gene may affect the risk of Taiwanese SDICH. We examined the association of SDICH risks with four single nucleotide polymorphisms (SNPs) within the TNF-α gene promoter, namely T-1031C, C-863A, C-857T, and G-308A.
Methods: Genotyping was determined by PCR-based restriction and electrophoresis assay for 260 SDICH patients and 368 controls. Associations were tested by logistic regression or general linear models, adjusting for multiple covariables, in each gender group and then combined. Multiplicative terms of gender and each of the four SNPs were applied to detect the interaction effects on SDICH risks. To account for multiple testing, permutation testing of 1,000 replicates was performed for empirical estimates.
Results: In an additive model, SDICH risks were positively associated with the minor alleles -1031C and -308A in men (OR = 1.9, 95% CI 1.1 to 3.4, p = 0.03 and OR = 2.6, 95% CI 1.3 to 5.3, p = 0.005, respectively) but inversely associated with -863A in females (OR = 0.5, 95% CI 0.2 to 0.9, p = 0.03). There were significant interaction effects between gender and SNP on SDICH risks regarding SNPs T-1031C, C-863A, and G-308A (p = 0.005, 0.005, and 0.007, respectively). Hemorrhage size was inversely associated with -857T in males (p = 0.04).
Conclusions: In the Taiwan population, the associations of genetic variations in the TNF-α gene promoter with SDICH risks are gender-dependent.